Some semi-autonomous processes on mobile phones require a time source which cannot be arbitrarily manipulated by the user. Such time sources provide what is referred to herein as “secure time”. In the case of digital rights management (DRM) on a handset operating under global system for mobile communications (GSM) protocols, secure time is needed to determine if time constraints placed upon DRM controlled content remains in force, e.g., how much usage time has been used. This is applied to situations where a user or subscriber is allowed a specific amount of time, or a time window, in which to use an item, such as a video presentation. A DRM protocol may be applied, e.g., to the rights to view a motion picture which is downloaded from a server. Typically, the motion picture is encapsulated within a DRM protocol, which incorporates a security protocol, e.g., a public key infrastructure (PKI), which allows use of the downloaded information for a set period of time. In order to insure that the downloaded information is only used during its valid time period, a mechanism must be provided to prevent a user from arbitrarily changing the system clock of the device containing the downloaded information, which, if allowed, would enable unlimited usage of the downloaded information.
One time source for the DRM is the clock provided in a mobile communication device user interface, however, the user interface clock can be arbitrarily set by the user, making it unreliable for DRM purposes.
Although GSM protocols define a means of transmitting a secure time source packet from the GSM network, which is referred to as a network identity and time zone (NITZ) signal, service providers are not required to transmit this time signal. Presently, only a few service providers are providing NITZ, e.g., Cingular, ATT, while others, e.g., Vodafone, are still investigating how to employ it. Furthermore, service providers which do supply NITZ do not guaranteeing system wide coverage, making their NITZ implementation sporadic.
Another source of secure time is to construct an Internet server which provides correct time to any client upon request. However, this protocol has several drawbacks: First, any Internet connection made by the handset incurs air time charges, which are billed to the user; second, users may find it unacceptable that their handset autonomously and periodically connects to a remote server, i.e., the Big Brother Syndrome; and third, such a server requires adequate bandwidth/computing resources to serve potentially millions of hits-per-month, and needs to provide a protocol to insure that a server outage does not cause any handset to cease operation.
The power density of current backup batteries, consumer demand for ever smaller handsets, and the corresponding high power consumption of integrated real time clock (RTC) hardware, limit the capabilities of a battery backed-up secure time source to one to two weeks. Such a short battery life precludes provision of a factory-set, secure-time source which operates independently of the main battery over the device's lifetime. Some GSM handsets, such as the Sharp GX30 handset, include a separate, internal, user-inaccessible, rechargeable battery, which provides power for the RTC hardware for up to two weeks, in the event that the handset's main battery is discharged or disconnected.
U.S. Pat. No. 6,023,690 to Chrosny et al., granted Feb. 8, 2000, for Method and apparatus for securely resetting a real time clock in a postage meter describes the setting of a single secure clock and the subsequent usage of that clock to enable/disable the printing of postage.
U.S. Pat. No. 5,999,921 to Arsenault et al., granted Dec. 7, 1999, for Electronic postage meter system having plural clock system providing enhanced security describes the maintenance of a non-secure time clock in one format and a secure time clock in a second time format.
U.S. Pat. No. 5,946,672, to Chrosny et al, granted Aug. 31, 1999, for Electronic postage meter system having enhanced clock security describes insertion of an external smart card containing information that identifies the inserted external smart card as a real time clock security card, and only upon receipt of the information is the inserted external smart card determined to be a real time clock security card.
U.S. Patent Publication No. 2003/0115469 A1, of Shippy et al., published Jun. 19, 2003, for Systems and methods for detecting and deterring rollback attacks describes a log which tracks access to protected content, which requires forced periodic updates.
U.S. Patent Publication No. 2002/0077985 A1, of Kobata et al., published Jun. 20, 2002, for Controlling and managing digital assets Distinguishing describes a method for managing digital rights of software on a computer system.
WO2003/005145 A2, for Digital rights management in a mobile communications environment, of Kontio et al., published Jan. 16, 2003, describes a method for control the access, copying, and/or transfer of a digital asset by mobile, wireless devices.